hadoop/hadoop-project-dist/hadoop-common/registry/hadoop-registry.html

1483 lines
69 KiB
HTML
Raw Normal View History

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
| Generated by Apache Maven Doxia at 2023-03-02
| Rendered using Apache Maven Stylus Skin 1.5
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Apache Hadoop 3.4.0-SNAPSHOT &#x2013; The YARN Service Registry</title>
<style type="text/css" media="all">
@import url("../css/maven-base.css");
@import url("../css/maven-theme.css");
@import url("../css/site.css");
</style>
<link rel="stylesheet" href="../css/print.css" type="text/css" media="print" />
<meta name="Date-Revision-yyyymmdd" content="20230302" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body class="composite">
<div id="banner">
<a href="http://hadoop.apache.org/" id="bannerLeft">
<img src="http://hadoop.apache.org/images/hadoop-logo.jpg" alt="" />
</a>
<a href="http://www.apache.org/" id="bannerRight">
<img src="http://www.apache.org/images/asf_logo_wide.png" alt="" />
</a>
<div class="clear">
<hr/>
</div>
</div>
<div id="breadcrumbs">
<div class="xright"> <a href="http://wiki.apache.org/hadoop" class="externalLink">Wiki</a>
|
<a href="https://gitbox.apache.org/repos/asf/hadoop.git" class="externalLink">git</a>
|
<a href="http://hadoop.apache.org/" class="externalLink">Apache Hadoop</a>
&nbsp;| Last Published: 2023-03-02
&nbsp;| Version: 3.4.0-SNAPSHOT
</div>
<div class="clear">
<hr/>
</div>
</div>
<div id="leftColumn">
<div id="navcolumn">
<h5>General</h5>
<ul>
<li class="none">
<a href="../../../index.html">Overview</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/SingleCluster.html">Single Node Setup</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/ClusterSetup.html">Cluster Setup</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/CommandsManual.html">Commands Reference</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/FileSystemShell.html">FileSystem Shell</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/Compatibility.html">Compatibility Specification</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/DownstreamDev.html">Downstream Developer's Guide</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/AdminCompatibilityGuide.html">Admin Compatibility Guide</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/InterfaceClassification.html">Interface Classification</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/filesystem/index.html">FileSystem Specification</a>
</li>
</ul>
<h5>Common</h5>
<ul>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/CLIMiniCluster.html">CLI Mini Cluster</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/FairCallQueue.html">Fair Call Queue</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/NativeLibraries.html">Native Libraries</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/Superusers.html">Proxy User</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/RackAwareness.html">Rack Awareness</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/SecureMode.html">Secure Mode</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/ServiceLevelAuth.html">Service Level Authorization</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/HttpAuthentication.html">HTTP Authentication</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/CredentialProviderAPI.html">Credential Provider API</a>
</li>
<li class="none">
<a href="../../../hadoop-kms/index.html">Hadoop KMS</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/Tracing.html">Tracing</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/UnixShellGuide.html">Unix Shell Guide</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/registry/index.html">Registry</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/AsyncProfilerServlet.html">Async Profiler</a>
</li>
</ul>
<h5>HDFS</h5>
<ul>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/HdfsDesign.html">Architecture</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/HdfsUserGuide.html">User Guide</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/HDFSCommands.html">Commands Reference</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/HDFSHighAvailabilityWithQJM.html">NameNode HA With QJM</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/HDFSHighAvailabilityWithNFS.html">NameNode HA With NFS</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/ObserverNameNode.html">Observer NameNode</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/Federation.html">Federation</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/ViewFs.html">ViewFs</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/ViewFsOverloadScheme.html">ViewFsOverloadScheme</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/HdfsSnapshots.html">Snapshots</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/HdfsEditsViewer.html">Edits Viewer</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/HdfsImageViewer.html">Image Viewer</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html">Permissions and HDFS</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/HdfsQuotaAdminGuide.html">Quotas and HDFS</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/LibHdfs.html">libhdfs (C API)</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/WebHDFS.html">WebHDFS (REST API)</a>
</li>
<li class="none">
<a href="../../../hadoop-hdfs-httpfs/index.html">HttpFS</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/ShortCircuitLocalReads.html">Short Circuit Local Reads</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/CentralizedCacheManagement.html">Centralized Cache Management</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/HdfsNfsGateway.html">NFS Gateway</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/HdfsRollingUpgrade.html">Rolling Upgrade</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/ExtendedAttributes.html">Extended Attributes</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html">Transparent Encryption</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/HdfsMultihoming.html">Multihoming</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/ArchivalStorage.html">Storage Policies</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/MemoryStorage.html">Memory Storage Support</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/SLGUserGuide.html">Synthetic Load Generator</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/HDFSErasureCoding.html">Erasure Coding</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/HDFSDiskbalancer.html">Disk Balancer</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/HdfsUpgradeDomain.html">Upgrade Domain</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/HdfsDataNodeAdminGuide.html">DataNode Admin</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs-rbf/HDFSRouterFederation.html">Router Federation</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/HdfsProvidedStorage.html">Provided Storage</a>
</li>
</ul>
<h5>MapReduce</h5>
<ul>
<li class="none">
<a href="../../../hadoop-mapreduce-client/hadoop-mapreduce-client-core/MapReduceTutorial.html">Tutorial</a>
</li>
<li class="none">
<a href="../../../hadoop-mapreduce-client/hadoop-mapreduce-client-core/MapredCommands.html">Commands Reference</a>
</li>
<li class="none">
<a href="../../../hadoop-mapreduce-client/hadoop-mapreduce-client-core/MapReduce_Compatibility_Hadoop1_Hadoop2.html">Compatibility with 1.x</a>
</li>
<li class="none">
<a href="../../../hadoop-mapreduce-client/hadoop-mapreduce-client-core/EncryptedShuffle.html">Encrypted Shuffle</a>
</li>
<li class="none">
<a href="../../../hadoop-mapreduce-client/hadoop-mapreduce-client-core/PluggableShuffleAndPluggableSort.html">Pluggable Shuffle/Sort</a>
</li>
<li class="none">
<a href="../../../hadoop-mapreduce-client/hadoop-mapreduce-client-core/DistributedCacheDeploy.html">Distributed Cache Deploy</a>
</li>
<li class="none">
<a href="../../../hadoop-mapreduce-client/hadoop-mapreduce-client-core/SharedCacheSupport.html">Support for YARN Shared Cache</a>
</li>
</ul>
<h5>MapReduce REST APIs</h5>
<ul>
<li class="none">
<a href="../../../hadoop-mapreduce-client/hadoop-mapreduce-client-core/MapredAppMasterRest.html">MR Application Master</a>
</li>
<li class="none">
<a href="../../../hadoop-mapreduce-client/hadoop-mapreduce-client-hs/HistoryServerRest.html">MR History Server</a>
</li>
</ul>
<h5>YARN</h5>
<ul>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/YARN.html">Architecture</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/YarnCommands.html">Commands Reference</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/CapacityScheduler.html">Capacity Scheduler</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/FairScheduler.html">Fair Scheduler</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/ResourceManagerRestart.html">ResourceManager Restart</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/ResourceManagerHA.html">ResourceManager HA</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/ResourceModel.html">Resource Model</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/NodeLabel.html">Node Labels</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/NodeAttributes.html">Node Attributes</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/WebApplicationProxy.html">Web Application Proxy</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/TimelineServer.html">Timeline Server</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/TimelineServiceV2.html">Timeline Service V.2</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/WritingYarnApplications.html">Writing YARN Applications</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/YarnApplicationSecurity.html">YARN Application Security</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/NodeManager.html">NodeManager</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/DockerContainers.html">Running Applications in Docker Containers</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/RuncContainers.html">Running Applications in runC Containers</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/NodeManagerCgroups.html">Using CGroups</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/SecureContainer.html">Secure Containers</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/ReservationSystem.html">Reservation System</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/GracefulDecommission.html">Graceful Decommission</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/OpportunisticContainers.html">Opportunistic Containers</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/Federation.html">YARN Federation</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/SharedCache.html">Shared Cache</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/UsingGpus.html">Using GPU</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/UsingFPGA.html">Using FPGA</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/PlacementConstraints.html">Placement Constraints</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/YarnUI2.html">YARN UI2</a>
</li>
</ul>
<h5>YARN REST APIs</h5>
<ul>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/WebServicesIntro.html">Introduction</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/ResourceManagerRest.html">Resource Manager</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/NodeManagerRest.html">Node Manager</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/TimelineServer.html#Timeline_Server_REST_API_v1">Timeline Server</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/TimelineServiceV2.html#Timeline_Service_v.2_REST_API">Timeline Service V.2</a>
</li>
</ul>
<h5>YARN Service</h5>
<ul>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/yarn-service/Overview.html">Overview</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/yarn-service/QuickStart.html">QuickStart</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/yarn-service/Concepts.html">Concepts</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/yarn-service/YarnServiceAPI.html">Yarn Service API</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/yarn-service/ServiceDiscovery.html">Service Discovery</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-site/yarn-service/SystemServices.html">System Services</a>
</li>
</ul>
<h5>Hadoop Compatible File Systems</h5>
<ul>
<li class="none">
<a href="../../../hadoop-aliyun/tools/hadoop-aliyun/index.html">Aliyun OSS</a>
</li>
<li class="none">
<a href="../../../hadoop-aws/tools/hadoop-aws/index.html">Amazon S3</a>
</li>
<li class="none">
<a href="../../../hadoop-azure/index.html">Azure Blob Storage</a>
</li>
<li class="none">
<a href="../../../hadoop-azure-datalake/index.html">Azure Data Lake Storage</a>
</li>
<li class="none">
<a href="../../../hadoop-cos/cloud-storage/index.html">Tencent COS</a>
</li>
<li class="none">
<a href="../../../hadoop-huaweicloud/cloud-storage/index.html">Huaweicloud OBS</a>
</li>
</ul>
<h5>Auth</h5>
<ul>
<li class="none">
<a href="../../../hadoop-auth/index.html">Overview</a>
</li>
<li class="none">
<a href="../../../hadoop-auth/Examples.html">Examples</a>
</li>
<li class="none">
<a href="../../../hadoop-auth/Configuration.html">Configuration</a>
</li>
<li class="none">
<a href="../../../hadoop-auth/BuildingIt.html">Building</a>
</li>
</ul>
<h5>Tools</h5>
<ul>
<li class="none">
<a href="../../../hadoop-streaming/HadoopStreaming.html">Hadoop Streaming</a>
</li>
<li class="none">
<a href="../../../hadoop-archives/HadoopArchives.html">Hadoop Archives</a>
</li>
<li class="none">
<a href="../../../hadoop-archive-logs/HadoopArchiveLogs.html">Hadoop Archive Logs</a>
</li>
<li class="none">
<a href="../../../hadoop-distcp/DistCp.html">DistCp</a>
</li>
<li class="none">
<a href="../../../hadoop-federation-balance/HDFSFederationBalance.html">HDFS Federation Balance</a>
</li>
<li class="none">
<a href="../../../hadoop-gridmix/GridMix.html">GridMix</a>
</li>
<li class="none">
<a href="../../../hadoop-rumen/Rumen.html">Rumen</a>
</li>
<li class="none">
<a href="../../../hadoop-resourceestimator/ResourceEstimator.html">Resource Estimator Service</a>
</li>
<li class="none">
<a href="../../../hadoop-sls/SchedulerLoadSimulator.html">Scheduler Load Simulator</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/Benchmarking.html">Hadoop Benchmarking</a>
</li>
<li class="none">
<a href="../../../hadoop-dynamometer/Dynamometer.html">Dynamometer</a>
</li>
</ul>
<h5>Reference</h5>
<ul>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/release/">Changelog and Release Notes</a>
</li>
<li class="none">
<a href="../../../api/index.html">Java API docs</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/UnixShellAPI.html">Unix Shell API</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/Metrics.html">Metrics</a>
</li>
</ul>
<h5>Configuration</h5>
<ul>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/core-default.xml">core-default.xml</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs/hdfs-default.xml">hdfs-default.xml</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-hdfs-rbf/hdfs-rbf-default.xml">hdfs-rbf-default.xml</a>
</li>
<li class="none">
<a href="../../../hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xml">mapred-default.xml</a>
</li>
<li class="none">
<a href="../../../hadoop-yarn/hadoop-yarn-common/yarn-default.xml">yarn-default.xml</a>
</li>
<li class="none">
<a href="../../../hadoop-kms/kms-default.html">kms-default.xml</a>
</li>
<li class="none">
<a href="../../../hadoop-hdfs-httpfs/httpfs-default.html">httpfs-default.xml</a>
</li>
<li class="none">
<a href="../../../hadoop-project-dist/hadoop-common/DeprecatedProperties.html">Deprecated Properties</a>
</li>
</ul>
<a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
<img alt="Built by Maven" src="../images/logos/maven-feather.png"/>
</a>
</div>
</div>
<div id="bodyColumn">
<div id="contentBox">
<!---
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<section>
<h2><a name="The_YARN_Service_Registry"></a>The YARN Service Registry</h2>
<h1>Introduction and concepts</h1>
<p>This document describes a Hadoop service registry built to address two problems:</p>
<ol style="list-style-type: decimal">
<li>How can clients talk to YARN-deployed services and the components which form such services?</li>
<li>Allow Hadoop core services to be registered and discovered thereby reducing configuration parameters and to allow core services to be more easily moved.</li>
</ol>
<p>Service registration and discovery is a long-standing problem in distributed computing, dating back to Xerox&#x2019;s Grapevine Service. This proposal is for a registry for locating distributed applications deployed by YARN, and determining the binding information needed to communicate with these applications.</p><section>
<h3><a name="Definitions"></a>Definitions</h3>
<p><b>Service</b>: a potentially-distributed application deployed in &#x2014;or reachable from&#x2014; a Hadoop YARN cluster. Examples: Apache HBase, Apache hcatalog, Apache Storm. Services may be short-lived or long-lived.</p>
<p><b>Service Class:</b> the name of a type of service, used as a path in a registry and matching the DNS-compatible path naming scheme. Examples: <code>org-apache-hbase</code>, <code>org-apache-hcatalog</code></p>
<p><b>Component</b>: a distributed element of a service. Examples: HBase master nodes, HBase region servers and HBase REST servers.</p>
<p><b>Service Instance:</b> A single instance of an application. Example, an HBase cluster <code>demo1</code>. A service instance is running if the instances the components which for the service are running. This does not imply &#x201c;live&#x201d; in the distributed computing sense, merely that the process are running.</p>
<p><b>Component Instance</b>: a single instance of a component within a service instance. Examples: an HBase master node on host <code>rack1server6</code> or a region server on host <code>rack3server40</code>.</p>
<p><b>Endpoint</b>: one means of binding with a service instance or a component instance. Examples: HBase&#x2019;s Apache Zookeeper binding, a Java JMX port on a region server, a Web UI on an HBase Master, and the REST API of an HBase REST component instance. Endpoints may be <i>internal</i> &#x2014;for use within the service instance, or <i>external</i>: for use by clients of a service instance.</p>
<p><b>Service Record</b>: a record in the registry describing a service instance or a component instance, including listing its endpoints.</p>
<p><b>YARN Resource Manager, &#x201c;RM&#x201d;:</b> the YARN component which allows client applications to submit work (including requests to deploy service instances) to a YARN cluster. The RM retains state on all running applications.</p>
<p><b>YARN Application</b>: An application deployed via YARN. Every application instance has a unique application ID.</p>
<p><b>YARN Application Master, &#x201c;AM&#x201d;:</b> the application-specific component which is scheduled and deployed by the RM. It has the duty of maintaining the internal state of the application, including requesting and managing all other component instances of this application instance. The YARN RM will detect the failure of the AM, and respond by rescheduling it.</p>
<p><b>YARN Container:</b> An allocation of resources, including CPU and RAM, for a component instance. The AM has the responsibility of requesting the containers its components need, and building the commands to instantiate its component instances onto allocated containers. Every allocated container has a unique container ID.</p></section></section><section>
<h2><a name="The_binding_problem"></a>The binding problem</h2>
<p>Hadoop YARN allows applications to run on the Hadoop cluster. Some of these are batch jobs or queries that can managed via YARN&#x2019;s existing API using its application ID. In addition YARN can deploy long-lived services instances such a pool of Apache Tomcat web servers or an Apache HBase cluster. YARN will deploy them across the cluster depending on the individual each component requirements and server availability. These service instances need to be discovered by clients; traditionally their IP added is registered in DNS or in some configuration file &#x2014;but that is not feasible in YARN-deployed applications when neither the hostname nor network ports can be known in advance.</p>
<p>As a result there is no easy way for clients to interact with dynamically deployed applications.</p>
<p>YARN supports a rudimentary registry which allows YARN Application Masters to register a web URL and an IPC address. but is not sufficient for our purposes since it It does not allow any other <i>endpoints</i> to be registered &#x2014;such as REST URLs, or zookeeper path or the endpoints of the tasks that the Application Master executes. Further, information that can be registered is mapped to the YARN application instance &#x2014;a unique instance ID that changes whenever a YARN application is started. This makes it impossible to resolve binding information via a static reference to a named service, or to even probe for the existence of a service instance which is not currently live.</p>
<h1>Use Cases</h1></section><section>
<h2><a name="Service_Name_Examples"></a>Service Name Examples</h2>
<p>Core Hadoop services.</p>
<p>These may be deployed statically, dynamically via an account with the permissions to write to the <code>/services</code> path, or even registrations of remote services accessible from within the Hadoop cluster</p>
<div class="source">
<div class="source">
<pre> /services/hdfs
/services/yarn
/services/oozie
</pre></div></div>
<p>YARN-deployed services belonging to individual users.</p>
<div class="source">
<div class="source">
<pre> /users/joe/org-apache-hbase/demo1
/users/joe/org-apache-hbase/demo1/components/regionserver1
</pre></div></div>
</section><section>
<h2><a name="Registration_Use_Cases"></a>Registration Use Cases</h2>
<ol style="list-style-type: decimal">
<li>
<p>A Hadoop core service that is not running under YARN example: HDFS) can be registered in for discovery. This could be done by the service or by management tools..</p>
</li>
<li>
<p>A long-lived application deployed by YARN registers itself for discovery by clients. The registration data is intended to outlive the application master, and perhaps the lifespan of a single deployment of the service instance.</p>
</li>
<li>
<p>Component instances of a service register themselves, publishing internal binding information, such as JMX ports.</p>
</li>
<li>
<p>A YARN-deployed application can bind to dependent service instances both static and dynamic. Example: a Tomcat web pool binding to the dynamic HBase service instance &#x201c;/users/joe/services/hbase/demo1&#x201d;.</p>
</li>
<li>
<p>Component Instances use the registry to bind to an internal endpoint of their application master, to which they heartbeat regularly.</p>
</li>
</ol></section><section>
<h2><a name="Unsupported_Registration_use_cases:"></a>Unsupported Registration use cases:</h2>
<ol style="list-style-type: decimal">
<li>A short-lived YARN application is registered automatically in the registry, including all its containers. and unregistered when the job terminates. Short-lived applications with many containers will place excessive load on a registry. All YARN applications will be given the option of registering, but it will not be automatic &#x2014;and application authors must be advised against registering short-lived containers.</li>
</ol></section><section>
<h2><a name="Lookup_Use_Cases"></a>Lookup Use Cases</h2>
<ol style="list-style-type: decimal">
<li>
<p>A client application looks up a dynamically deployed service instance whose user, service class and instance name is known, e.g. <code>/users/joe/services/hbase/demo1</code>, and retrieves the information needed to connect to the service</p>
</li>
<li>
<p>A client application looks up a statically deployed Hadoop service Example: <code>/services/hdfs</code>.</p>
</li>
<li>
<p>An Application Master enumerates all registered component instances, discovers their listed JMX ports, and, initializes own web UI, offers links to these endpoints.</p>
</li>
<li>
<p>A user connects to a private HBase service instance at <code>/users/joe/services/hbase/demo1</code>.</p>
</li>
<li>
<p>A user connects to the cluster&#x2019;s HBase service at <code>/services/hbase</code>.</p>
</li>
<li>
<p>A user looks up the binding information to a remote Hadoop cluster&#x2019;s filesystem at <code>/net/cluster4/services/hdfs</code>. The registration information includes the <code>webhdfs://</code> URL for the remote filesystem.</p>
</li>
<li>
<p>A user lists their HBase service instances:</p>
<div class="source">
<div class="source">
<pre>ls /users/joe/services/hbase
</pre></div></div>
</li>
<li>
<p>User finds all Hbase services in the cluster:</p>
<div class="source">
<div class="source">
<pre>find -endpointField.api=org.apache.hbase
</pre></div></div>
</li>
<li>
<p>Possibly in future: looking up a service via DNS.</p>
</li>
</ol>
<p>This registry proposal is intended to support these use cases by providing a means for applications to register their service endpoints, and for clients to locate them.</p>
<h1>Key Requirements of a Service Registry</h1>
<p>Allow dynamic registration of service instances</p>
<ul>
<li>
<p>YARN deployed services instances must be able register their bindings and be discovered by clients.</p>
</li>
<li>
<p>Core Hadoop service instances must be able to register their service endpoints.</p>
</li>
<li>
<p>The binding must be upgradable if the service moves or in case if HA fails over.</p>
</li>
<li>
<p>A service instance must be able to publish a variety of endpoints for a service: Web UI, RPC, REST, Zookeeper, others. Furthermore one must also be able register certificates and other public security information may be published as part of a binding.</p>
</li>
</ul>
<p>Registry service properties:</p>
<ul>
<li>
<p>The registry must be highly available.</p>
</li>
<li>
<p>Scale: many services and many clients in a large cluster. This will limit how much data a service can publish.</p>
</li>
<li>
<p>Ubiquity: we need this in every YARN cluster, whether physical, virtual or in-cloud.</p>
</li>
<li>
<p>Must support hierarchical namespace and names. The name convention must match that of DNS so that we have the option of accessing the namespace via DNS protocol at a later phase of the project.</p>
</li>
<li>
<p>Registry API Language/Protocols</p>
</li>
<li>
<p>Cross-language: independent of any language; client language != service</p>
</li>
<li>
<p>REST API for reading registry data</p>
</li>
</ul>
<p>Access Control:</p>
<ul>
<li>
<p>Read access for all</p>
</li>
<li>
<p>Write is restricted so that squatting and impersonation can be avoided.</p>
</li>
</ul>
<p>Remote accessibility: supports remote access even on clusters which are only reachable via Apache Knox, or hosted in cloud environments.</p></section><section>
<h2><a name="Non-Requirements"></a>Non-Requirements</h2>
<ul>
<li>
<p>The registry is not intended for liveness detection, leader-election or perform other &#x201c;shared consensual state&#x201d; actions for an application itself, other than potentially sharing binding information between component instances.</p>
</li>
<li>
<p>The registry is not intended to be a store for arbitrary application state, or for publishing configuration data other than binding information to endpoints offered by a service and its components. Such use would overload the registry and rapidly reach limits of what Zookeeper permits.</p>
</li>
</ul>
<h1>Architecture</h1>
<p>We propose a base registry service that binds string-names to records describing service and component instances. We plan to use ZK as the base name service since it supports many of the properties, We pick a part of the ZK namespace to be the root of the service registry ( default: <code>yarnRegistry</code>).</p>
<p>On top this base implementation we build our registry service API and the naming conventions that YARN will use for its services. The registry will be accessed by the registry API, not directly via ZK - ZK is just an implementation choice (although unlikely to change in the future).</p>
<ol style="list-style-type: decimal">
<li>
<p>Services are registered by binding a <b><i>path</i></b> to a value called a <b><i>Service Record</i></b>. Paths are hierarchical and use <code>/</code> as the root as well as the separator.</p>
</li>
<li>
<p>Service records are registered as persistent znodes. This ensures that the record remains present during planned and unplanned outages of the service, on the assumption that client code is resilient to transient outages.</p>
</li>
<li>
<p>Each service instance&#x2019;s service record lists the endpoints for its various protocols exported by that service instance.</p>
</li>
<li>
<p>For each protocol endpoint it must contain</p>
<ol style="list-style-type: decimal">
<li>
<p>The <i>protocol</i> name including: Web, REST, IPC, zookeeper. (type:string)</p>
</li>
<li>
<p>Its <i>address</i>: the specific details used to locate this endpoint</p>
</li>
<li>
<p>Its <i>addressType</i>. This is the format of the binding string. (URL, ZK path, hostname:port pair). For the predefined protocols, we will define what format the binding string MUST be. Example: <code>protocol==REST</code> means binding type is <code>URL</code>, <code>protocol==IPC</code> binding uses the addresstype <code>host/port</code>.</p>
</li>
<li>
<p>The <i>api</i>. This is the API offered by the endpoint, and is application specific. examples: <code>org.apache.hadoop.namenode</code>, <code>org.apache.hadoop.webhdfs</code></p>
</li>
</ol>
</li>
<li>
<p>Endpoints may be <i>external</i> &#x2014;for use by programs other than the service itself, and <i>internal</i> &#x2014;for connecting components within the service instance. They will be listed in different sections of the Service Record to distinguish them.</p>
</li>
<li>
<p>Core services will be registered using the following convention: <code>/services/{servicename}</code> e.g. <code>/services/hdfs</code>.</p>
</li>
<li>
<p>YARN services SHOULD be registered using the following convention:</p>
<div class="source">
<div class="source">
<pre>/users/{username}/{serviceclass}/{instancename}
</pre></div></div>
</li>
<li>
<p>Component instances SHOULD be registered under</p>
<div class="source">
<div class="source">
<pre>/users/{username}/{serviceclass}/{instancename}/components/{componentname}
</pre></div></div>
</li>
<li>
<p>Each of the user&#x2019;s services which follows this convention must have unique service class names,</p>
</li>
<li>
<p>Each component instance must have a name that is unique for that service instance. For a YARN-deployed application, this can be trivially derived from the container ID.</p>
</li>
</ol>
<p>The requirements for unique names ensures that the path to a service instance or component instance is guaranteed to be unique, and that all instances of a specific service class can be enumerated by listing all children of the service class path.</p>
<h1>Registry Model</h1>
<p>Service entries MUST be persistent &#x2014;it is the responsibility of YARN and other tools to determine when a service entry is to be deleted.</p></section><section>
<h2><a name="Path_Elements"></a>Path Elements</h2>
<p>All path elements MUST match that of a lower-case entry in a hostname path as defined in RFC1123; the regular expression is:</p>
<div class="source">
<div class="source">
<pre>([a-z0-9]|([a-z0-9][a-z0-9\-]*[a-z0-9]))
</pre></div></div>
<p>This policy will ensure that were the registry hierarchy ever to exported by a DNS service, all service classes and names would be valid.</p>
<p>A complication arises with user names, as platforms may allow user names with spaces, high unicode and other characters in them. Such paths must be converted to valid DNS hostname entries using the punycode convention used for internationalized DNS.</p></section><section>
<h2><a name="Service_Record"></a>Service Record</h2>
<p>A Service Record has some basic information and possibly empty lists of internal and external endpoints.</p><section>
<h3><a name="Service_Record:"></a>Service Record:</h3>
<p>A Service Record contains some basic informations and two lists of endpoints: one list for users of a service, one list for internal use within the application.</p>
<table border="0" class="bodyTable">
<tr class="a">
<td>Name</td>
<td>Description</td>
</tr>
<tr class="b">
<td>type: String</td>
<td>Always: &quot;JSONServiceRecord&quot;</td>
</tr>
<tr class="a">
<td>description: String</td>
<td>Human-readable description.</td>
</tr>
<tr class="b">
<td>external: List[Endpoint]</td>
<td>A list of service endpoints for external callers.</td>
</tr>
<tr class="a">
<td>internal: List[Endpoint]</td>
<td>A list of service endpoints for internal use within the service instance.</td>
</tr>
</table>
<p>The type field MUST be <code>&quot;JSONServiceRecord&quot;</code>. Mandating this string allows future record types <i>and</i> permits rapid rejection of byte arrays that lack this string before attempting to parse the data with a JSON parser.</p></section><section>
<h3><a name="YARN_Persistence_policies"></a>YARN Persistence policies</h3>
<p>The attributes, <code>yarn:id</code> and <code>yarn:persistence</code> specify which records <i>and any child entries</i> may be deleted as the associated YARN components complete.</p>
<p>The <code>yarn:id</code> field defines the application, attempt or container ID to match; the <code>yarn:persistence</code> attribute defines the trigger for record cleanup, and implicitly the type of the contents of the <code>yarn:id</code> field.</p>
<p>These attributes use the prefix &#x201c;<code>yarn:</code>&#x201d; to indicate that their reliance on the YARN layer of the Hadoop cluster to implement the policy. If the registry were to run standalone &#x2014;which is entirely possible&#x2014; all records would be implicitly persistent.</p>
<table border="0" class="bodyTable">
<tr class="a">
<td>Name</td>
<td>Description</td>
<td>contents of `yarn:id` field</td>
</tr>
<tr class="b">
<td>permanent</td>
<td>The record persists until removed manually.</td>
<td>(unused)</td>
</tr>
<tr class="a">
<td>application</td>
<td>Remove when the YARN application defined in the id field terminates.</td>
<td>application ID</td>
</tr>
<tr class="b">
<td>application-attempt</td>
<td>Remove when the current YARN application attempt finishes.</td>
<td>application attempt ID</td>
</tr>
<tr class="a">
<td>container</td>
<td>Remove when the YARN container in the ID field finishes</td>
<td>container ID</td>
</tr>
</table>
<p>The policies which clean up when an application, application attempt or container terminates require the <code>yarn:id</code> field to match that of the application, attempt or container. If the wrong ID is set, the cleanup does not take place &#x2014;and if set to a different application or container, will be cleaned up according the lifecycle of that application.</p></section><section>
<h3><a name="Endpoint:"></a>Endpoint:</h3>
<table border="0" class="bodyTable">
<tr class="a">
<td>Name</td>
<td>Description</td>
</tr>
<tr class="b">
<td>api: URI as String</td>
<td>API implemented at the end of the binding</td>
<tr class="a">
<td>protocol: String</td>
<td>Protocol. Examples:
`http`, `https`, `hadoop-rpc`, `zookeeper`, `web`, `REST`, `SOAP`, ...</td>
</tr>
<tr class="b">
<td>addressType: String</td>
<td>format of the binding</td>
</tr>
</tr>
<tr class="a">
<td>addresses: List[Map[String, String]]</td>
<td>a list of address maps</td>
</tr>
</table>
<p>All string fields have a limit on size, to dissuade services from hiding complex JSON structures in the text description.</p><section>
<h4><a name="Field_addressType:_Address_Type"></a>Field <code>addressType</code>: Address Type</h4>
<p>The <code>addressType</code> field defines the string format of entries.</p>
<p>Having separate types is that tools (such as a web viewer) can process binding strings without having to recognize the protocol.</p>
<table border="0" class="bodyTable">
<tr class="a">
<td>Format</td>
<td>binding format</td>
</tr>
<tr class="b">
<td>uri</td>
<td>uri:URI of endpoint</td>
</tr>
<tr class="a">
<td>hostname</td>
<td>hostname: service host</td>
</tr>
<tr class="b">
<td>inetaddress</td>
<td>hostname: service host, port: service port</td>
</tr>
<tr class="a">
<td>path</td>
<td>path: generic unix filesystem path</td>
</tr>
<tr class="b">
<td>zookeeper</td>
<td>hostname: service host, port: service port, path: ZK path</td>
</tr>
</table>
<p>In the zookeeper binding, every entry represents a single node in quorum, the <code>hostname</code> and <code>port</code> fields defining the hostname of the ZK instance and the port on which it is listening. The <code>path</code> field lists zookeeper path for applications to use. For example, for HBase this would refer to the znode containing information about the HBase cluster.</p>
<p>The path MUST be identical across all address elements in the <code>addresses</code> list. This ensures that any single address contains enough information to connect to the quorum and connect to the relevant znode.</p>
<p>New Address types may be defined; if not standard please prefix with the character sequence <code>&quot;x-&quot;</code>.</p></section></section><section>
<h3><a name="Field_api:_API_identifier"></a>Field <code>api</code>: API identifier</h3>
<p>The API field MUST contain a URI that identifies the specific API of an endpoint. These MUST be unique to an API to avoid confusion.</p>
<p>The following strategies are suggested to provide unique URIs for an API</p>
<ol style="list-style-type: decimal">
<li>The SOAP/WS-* convention of using the URL to where the WSDL defining the service</li>
<li>A URL to the svn/git hosted document defining a REST API</li>
<li>the <code>classpath</code> schema followed by a path to a class or package in an application.</li>
<li>The <code>uuid</code> schema with a generated UUID.</li>
</ol>
<p>It is hoped that standard API URIs will be defined for common APIs. Two such non-normative APIs are used in this document</p>
<ul>
<li><code>http://</code> : A web site for humans</li>
<li><code>classpath:javax.management.jmx</code>: and endpoint supporting the JMX management protocol (RMI-based)</li>
</ul></section><section>
<h3><a name="Examples_of_Service_Entries"></a>Examples of Service Entries</h3>
<p>Here is an example of a service entry for a YARN-deployed tomcat application.</p>
<p>After creation and registration of the application, the registry looks as follows:</p>
<div class="source">
<div class="source">
<pre>/users
/devteam
/org-apache-tomcat
/test1
/components
/container-1408631738011-0001-01-000002
/container-1408631738011-0001-01-000001
</pre></div></div>
<p>The <code>/users/devteam/org-apache-tomcat/tomcat-test</code> service record describes the overall application. It exports the URL to a load balancer.</p>
<div class="source">
<div class="source">
<pre>{
&quot;description&quot; : &quot;tomcat-based web application&quot;,
&quot;external&quot; : [ {
&quot;api&quot; : &quot;http://internal.example.org/restapis/scheduler/20141026v1&quot;,
&quot;addressType&quot; : &quot;uri&quot;,
&quot;protocol&quot; : &quot;REST&quot;,
&quot;addresses&quot; : [
{ &quot;uri&quot; : &quot;http://loadbalancer/&quot; },
{ &quot;uri&quot; : &quot;http://loadbalancer2/&quot; }
]
} ],
&quot;internal&quot; : [ ]
}
</pre></div></div>
<p>The service instance is built from two component instances, each described with their container ID converted into a DNS-compatible hostname. The entries are marked as ephemeral. If the entries were set within the container, then when that container is released or if the component fails, the entries will be automatically removed. Accordingly, it&#x2019;s persistence policy is declared to be &#x201c;3&#x201d;, container. The <code>yarn:id</code> field identifies the container whose completion will trigger the deletion of this entry</p>
<div class="source">
<div class="source">
<pre>/users/devteam/org-apache-tomcat/test1/components/container-1408631738011-0001-01-000001
{
&quot;yarn:id&quot; : &quot;container_1408631738011_0001_01_000001&quot;,
&quot;yarn:persistence&quot; : &quot;container&quot;,
&quot;description&quot; : &quot;&quot;,
&quot;external&quot; : [ {
&quot;api&quot; : &quot;http://internal.example.org/restapis/scheduler/20141026v1&quot;,
&quot;addressType&quot; : &quot;uri&quot;,
&quot;protocol&quot; : &quot;REST&quot;,
&quot;addresses&quot; : [{ &quot;uri&quot; : &quot;rack4server3:43572&quot; } ]
} ],
&quot;internal&quot; : [ {
&quot;api&quot; : &quot;classpath:javax.management.jmx&quot;,
&quot;addressType&quot; : &quot;host/port&quot;,
&quot;protocol&quot; : &quot;rmi&quot;,
&quot;addresses&quot; : [ {
&quot;host&quot; : &quot;rack4server3&quot;,
&quot;port&quot; : &quot;48551&quot;
} ]
} ]
}
</pre></div></div>
<p>The component instances list their endpoints: the public REST API as an external endpoint, the JMX addresses as internal.</p>
<div class="source">
<div class="source">
<pre>/users/devteam/org-apache-tomcat/test1/components/container-1408631738011-0001-01-000002
{
&quot;registrationTime&quot; : 1408638082445,
&quot;yarn:id&quot; : &quot;container_1408631738011_0001_01_000002&quot;,
&quot;yarn:persistence&quot; : &quot;container&quot;,
&quot;description&quot; : null,
&quot;external&quot; : [ {
&quot;api&quot; : &quot;http://internal.example.org/restapis/scheduler/20141026v1&quot;,
&quot;addressType&quot; : &quot;uri&quot;,
&quot;protocol&quot; : &quot;REST&quot;,
&quot;addresses&quot; : [ [ &quot;http://rack1server28:35881&quot; ] ]
} ],
&quot;internal&quot; : [ {
&quot;api&quot; : &quot;classpath:javax.management.jmx&quot;,
&quot;addressType&quot; : &quot;host/port&quot;,
&quot;protocol&quot; : &quot;rmi&quot;,
&quot;addresses&quot; : [ {
&quot;host&quot; : &quot;rack1server28&quot;,
&quot;port&quot; : &quot;48551&quot;
} ]
} ]
}
</pre></div></div>
<p>This information could be used by the (hypothetical) load balancer to enumerate the components and build a list of component instances to dispatch requests to. Similarly, a management application could enumerate all available component instances and their JMX ports, then connect to each to collect performance metrics.</p>
<h1>Registry API</h1>
<p>Here is the registry API as seen from a Java application. The API is a thin layer above the ZK operations, essentially building up paths, reading, writing and updating entries, and enumerating children. The REST API is implemented inside a server and use this same API to implement its REST API.</p>
<p>The exceptions that are listed are only a subset of possible exception &#x2014;the interface merely lists those that have special meaning.</p>
<p>All write operations must assume that they are communicating with a registry service with the consistency view of a Zookeeper client; read-only clients must assume that their view may be somewhat out of date.</p>
<p>All clients must recognize that the registry is a shared resource and that it may change during a sequence of actions.</p></section><section>
<h3><a name="Registry_Operations"></a>Registry Operations</h3>
<div class="source">
<div class="source">
<pre>public interface RegistryOperations extends Service {
/**
* Create a path.
*
* It is not an error if the path exists already, be it empty or not.
*
* The createParents flag also requests creating the parents.
* As entries in the registry can hold data while still having
* child entries, it is not an error if any of the parent path
* elements have service records.
*
* @param path path to create
* @param createParents also create the parents.
* @throws PathNotFoundException parent path is not in the registry.
* @throws InvalidPathnameException path name is invalid.
* @throws IOException Any other IO Exception.
* @return true if the path was created, false if it existed.
*/
boolean mknode(String path, boolean createParents)
throws PathNotFoundException,
InvalidPathnameException,
IOException;
/**
* Set a service record to an entry
* @param path path to service record
* @param record service record service record to create/update
* @param createFlags creation flags
* @throws PathNotFoundException the parent path does not exist
* @throws FileAlreadyExistsException path exists but create flags
* do not include &quot;overwrite&quot;
* @throws InvalidPathnameException path name is invalid.
* @throws IOException Any other IO Exception.
*/
void bind(String path, ServiceRecord record, int createFlags)
throws PathNotFoundException,
FileAlreadyExistsException,
InvalidPathnameException,
IOException;
/**
* Resolve the record at a path
* @param path path to service record
* @return the record
* @throws PathNotFoundException path is not in the registry.
* @throws InvalidPathnameException the path is invalid.
* @throws IOException Any other IO Exception
*/
ServiceRecord resolve(String path) throws PathNotFoundException,
InvalidPathnameException,
IOException;
/**
* Get the status of a path
* @param path path to query
* @return the status of the path
* @throws PathNotFoundException path is not in the registry.
* @throws InvalidPathnameException the path is invalid.
* @throws IOException Any other IO Exception
*/
RegistryPathStatus stat(String path)
throws PathNotFoundException,
InvalidPathnameException,
IOException;
/**
* Probe for a path existing.
* This is equivalent to {@link #stat(String)} with
* any failure downgraded to a
* @param path path to query
* @return true if the path was found
* @throws IOException
*/
boolean exists(String path) throws IOException;
/**
* List all entries under a registry path
* @param path path to query
* @return a possibly empty list of the full path names of
* child entries
* @throws PathNotFoundException
* @throws InvalidPathnameException
* @throws IOException
*/
List&lt;String&gt; list(String path) throws
PathNotFoundException,
InvalidPathnameException,
IOException;
/**
* Delete a path.
*
* If the operation returns without an error then the entry has been
* deleted.
* @param path path delete recursively
* @param recursive recursive flag
* @throws PathNotFoundException path is not in the registry.
* @throws InvalidPathnameException the path is invalid.
* @throws PathIsNotEmptyDirectoryException path has child entries, but
* recursive is false.
* @throws IOException Any other IO Exception
*
*/
void delete(String path, boolean recursive)
throws PathNotFoundException,
PathIsNotEmptyDirectoryException,
InvalidPathnameException,
IOException;
/**
* Add a new write access entry to be added to node permissions in all
* future write operations of a session connected to a secure registry.
*
* This does not grant the session any more rights: if it lacked any write
* access, it will still be unable to manipulate the registry.
*
* In an insecure cluster, this operation has no effect.
* @param id ID to use
* @param pass password
* @return true if the accessor was added: that is, the registry connection
* uses permissions to manage access
* @throws IOException on any failure to build the digest
*/
boolean addWriteAccessor(String id, String pass) throws IOException;
/**
* Clear all write accessors.
*
* At this point all standard permissions/ACLs are retained,
* including any set on behalf of the user
* Only accessors added via {@link #addWriteAccessor(String, String)}
* are removed.
*/
public void clearWriteAccessors();
}
</pre></div></div>
</section><section>
<h3><a name="RegistryPathStatus"></a><code>RegistryPathStatus</code></h3>
<p>The <code>RegistryPathStatus</code> class summarizes the contents of a node in the registry.</p>
<div class="source">
<div class="source">
<pre>public class RegistryPathStatus {
/**
* Short path in the registry to this entry
*/
public String path;
/**
* Timestamp
*/
public long time;
/**
* Entry size in bytes, as returned by the storage infrastructure.
* In zookeeper, even &quot;empty&quot; nodes have a non-zero size.
*/
public long size;
/**
* Number of child nodes
*/
public int children;
}
</pre></div></div>
</section></section><section>
<h2><a name="Security"></a>Security</h2>
<p>The registry will allow a service instance can only be registered under the path where it has permissions. YARN will create directories with appropriate permissions for users where YARN deployed services can be registered by a user. of the user account of the service instance. The admin will also create directories (such as <code>/services</code>) with appropriate permissions (where core Hadoop services can register themselves.</p>
<p>There will no attempt to restrict read access to registry information. The services will protect inappropriate access by clients by requiring authentication and authorization. There is a <i>scope</i> field in a service record , but this is just a marker to say &#x201c;internal API only&#x201d;, rather than a direct security restriction. (this is why &#x201c;internal&#x201d; and &#x201c;external&#x201d; are proposed, not &#x201c;public&#x201d; and &#x201c;private&#x201d;).</p>
<p>Rationale: the endpoints being registered would be discoverable through port scanning anyway. Having everything world-readable allows the REST API to have a simpler access model &#x2014;and is consistent with DNS.</p>
<p>On a secure cluster, ZK token renewal may become an issue for long-lived services &#x2014;if their token expires their session may expire. Renewal of such tokens is not part of the API implementation &#x2014;we may need to add a means to update the tokens of an instance of the registry operations class.</p><section>
<h3><a name="Security_Policy_Summary"></a>Security Policy Summary</h3>
<p>In an a non-Kerberos Zookeeper Cluster, no security policy is implemented.</p>
<p>The registry is designed to be secured <i>on a kerberos-managed cluster</i>.</p>
<ul>
<li>
<p>The registry root grants full rights to &#x201c;system accounts&#x201d;: <code>mapred</code>, <code>hdfs</code>, <code>yarn</code> : <code>&quot;rwcda&quot;</code>; all other accounts, and anonymous access is read-only.</p>
</li>
<li>
<p>The permissions are similarly restricted for <code>/users</code>, and <code>/services/</code></p>
</li>
<li>
<p>installations may extend or change these system accounts.</p>
</li>
<li>
<p>When an application belonging to a user is scheduled, YARN SHALL create an entry for that user <code>/users/${username}</code>.</p>
</li>
<li>
<p>This node will have full access to the system; the user the access rights: <code>&quot;crd&quot;</code>. That is, they may create or delete child nodes, but not write to their home node, &#x2014;or alter its permissions.</p>
</li>
<li>
<p>Applications wishing to write to the registry must use a SASL connection to authenticate via Zookeeper,</p>
</li>
<li>
<p>Applications creating nodes in the user path MUST include the site-specified system accounts in the ACL list, with full access.</p>
</li>
<li>
<p>Applications creating nodes in the user path MUST include an ACL Which</p>
</li>
<li>
<p>Applications creating nodes in the user path MUST declare their own user identity as a <code>sasl:user@REALM</code> entry.</p>
</li>
<li>
<p>Applications creating nodes the user path MAY add extra <code>digest:</code> ACL tokens so as to give their services the ability to manipulate portions of the registry <i>without needing kerberos credentials</i>.</p>
</li>
</ul>
<p>The digest-driven authentication avoid the problem of credential renewal in long-lived applications. An YARN application may be passed the token to connect with the ZK service when launched. It can then create or update an entry, including a secret digest ACL in the permissions of nodes it creates. As a result, even after the credentials expire, it retains <i>some</i> access.</p>
<p>Note that for this to be successful, the client will need to fall back session to <i>not</i> use SASL, instead using authentication id:pass credentials.</p></section></section><section>
<h2><a name="Out_of_cluster_and_cross-cluster_access"></a>Out of cluster and cross-cluster access</h2>
<ol style="list-style-type: decimal">
<li>
<p>A client should be able to access the registry of another cluster in order to access services of that cluster. Detail of this need to further fleshed out.</p>
</li>
<li>
<p>Firewall services such as Apache Knox can examine the internal set of published services, and publish a subset of their endpoints. They MAY implement a future REST API.</p>
</li>
</ol>
<h1>Limits</h1>
<p><b>Entry Size</b></p>
<p>Zookeeper has a default limit of 1MB/node. If all endpoints of a service or component are stored in JSON attached to that node, then there is a total limit of 1MB of all endpoint registration data.</p>
<p>To prevent this becoming a problem, the client API should implement strict limits on the maximum length of fields, with low limits on the addressType, protocol, and api fields, something longer on the description and addresses elements &#x2014;along with a limit on the number of elements in the addresses field.</p>
<p><b>Name size</b></p>
<p>To support DNS in future, there must be a limit of 63 bytes on all path elements. For non-ASCII User names, this restriction implies that a shorter path may be a limit.</p>
<p><b>Rate of Update</b></p>
<p>A rapid rate of entry change is considered antisocial in a ZK cluster. Implementations may throttle update operations.</p>
<p><b>Rate of Polling</b></p>
<p>Clients which poll the registry may be throttled.</p>
<h1>Complete service record example</h1>
<p>Below is a (non-normative) example of a service record retrieved from a YARN application.</p>
<div class="source">
<div class="source">
<pre>{
&quot;type&quot; : &quot;JSONServiceRecord&quot;,
&quot;description&quot; : &quot;Slider Application Master&quot;,
&quot;yarn:persistence&quot; : &quot;application&quot;,
&quot;yarn:id&quot; : &quot;application_1414052463672_0028&quot;,
&quot;external&quot; : [ {
&quot;api&quot; : &quot;classpath:org.apache.slider.appmaster&quot;,
&quot;addressType&quot; : &quot;host/port&quot;,
&quot;protocol&quot; : &quot;hadoop/IPC&quot;,
&quot;addresses&quot; : [ {
&quot;port&quot; : &quot;48551&quot;,
&quot;host&quot; : &quot;nn.example.com&quot;
} ]
}, {
&quot;api&quot; : &quot;http://&quot;,
&quot;addressType&quot; : &quot;uri&quot;,
&quot;protocol&quot; : &quot;web&quot;,
&quot;addresses&quot; : [ {
&quot;uri&quot; : &quot;http://nn.example.com:40743&quot;
} ]
}, {
&quot;api&quot; : &quot;classpath:org.apache.slider.management&quot;,
&quot;addressType&quot; : &quot;uri&quot;,
&quot;protocol&quot; : &quot;REST&quot;,
&quot;addresses&quot; : [ {
&quot;uri&quot; : &quot;http://nn.example.com:40743/ws/v1/slider/mgmt&quot;
} ]
}, {
&quot;api&quot; : &quot;classpath:org.apache.slider.publisher&quot;,
&quot;addressType&quot; : &quot;uri&quot;,
&quot;protocol&quot; : &quot;REST&quot;,
&quot;addresses&quot; : [ {
&quot;uri&quot; : &quot;http://nn.example.com:40743/ws/v1/slider/publisher&quot;
} ]
}, {
&quot;api&quot; : &quot;classpath:org.apache.slider.registry&quot;,
&quot;addressType&quot; : &quot;uri&quot;,
&quot;protocol&quot; : &quot;REST&quot;,
&quot;addresses&quot; : [ {
&quot;uri&quot; : &quot;http://nn.example.com:40743/ws/v1/slider/registry&quot;
} ]
}, {
&quot;api&quot; : &quot;classpath:org.apache.slider.publisher.configurations&quot;,
&quot;addressType&quot; : &quot;uri&quot;,
&quot;protocol&quot; : &quot;REST&quot;,
&quot;addresses&quot; : [ {
&quot;uri&quot; : &quot;http://nn.example.com:40743/ws/v1/slider/publisher/slider&quot;
} ]
}, {
&quot;api&quot; : &quot;classpath:org.apache.slider.publisher.exports&quot;,
&quot;addressType&quot; : &quot;uri&quot;,
&quot;protocol&quot; : &quot;REST&quot;,
&quot;addresses&quot; : [ {
&quot;uri&quot; : &quot;http://nn.example.com:40743/ws/v1/slider/publisher/exports&quot;
} ]
} ],
&quot;internal&quot; : [ {
&quot;api&quot; : &quot;classpath:org.apache.slider.agents.secure&quot;,
&quot;addressType&quot; : &quot;uri&quot;,
&quot;protocol&quot; : &quot;REST&quot;,
&quot;addresses&quot; : [ {
&quot;uri&quot; : &quot;https://nn.example.com:52705/ws/v1/slider/agents&quot;
} ]
}, {
&quot;api&quot; : &quot;classpath:org.apache.slider.agents.oneway&quot;,
&quot;addressType&quot; : &quot;uri&quot;,
&quot;protocol&quot; : &quot;REST&quot;,
&quot;addresses&quot; : [ {
&quot;uri&quot; : &quot;https://nn.example.com:33425/ws/v1/slider/agents&quot;
} ]
} ]
}
</pre></div></div>
<p>It publishes a number of endpoints, both internal and external.</p>
<p>External:</p>
<ol style="list-style-type: decimal">
<li>The IPC hostname and port for client-AM communications</li>
<li>URL to the AM&#x2019;s web UI</li>
<li>A series of REST URLs under the web UI for specific application services. The details are irrelevant &#x2014;note that they use an application-specific API value to ensure uniqueness.</li>
</ol>
<p>Internal:</p>
<ol style="list-style-type: decimal">
<li>Two URLs to REST APIs offered by the AM for containers deployed by the application itself.</li>
</ol>
<p>Python agents running in the containers retrieve the internal endpoint URLs to communicate with their AM. The record is resolved on container startup and cached until communications problems occur. At that point the registry is queried for the current record, then an attempt is made to reconnect to the AM.</p>
<p>Here &#x201c;connectivity&#x201d; problems means both &#x201c;low level socket/IO errors&#x201d; and &#x201c;failures in HTTPS authentication&#x201d;. The agents use two-way HTTPS authentication &#x2014;if the AM fails and another application starts listening on the same ports it will trigger an authentication failure and hence service record reread.</p></section>
</div>
</div>
<div class="clear">
<hr/>
</div>
<div id="footer">
<div class="xright">
&#169; 2008-2023
Apache Software Foundation
- <a href="http://maven.apache.org/privacy-policy.html">Privacy Policy</a>.
Apache Maven, Maven, Apache, the Apache feather logo, and the Apache Maven project logos are trademarks of The Apache Software Foundation.
</div>
<div class="clear">
<hr/>
</div>
</div>
</body>
</html>